<?php
	require_once("_inc/functions.php");
	require_once("_inc/connection.php");

	// echo "<pre>";
	// print_r($_SERVER);
	// echo "</pre>";

	if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
		$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
	}else {
		if ($_SERVER['REMOTE_ADDR']!="192.168.10.254") {
			$ip = $_SERVER['REMOTE_ADDR'];
		}
	}
	if ($ip!="" && $ip!="192.168.10.254") {
		$nport = "21,22,25,43,110,443,465,993,5222,1863,1935,1755";
		$proxy = "192.168.10.254";

		$r0 = "iptables -t nat -A PREROUTING ! --destination $proxy -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:3128";
		if (existrule(htmlspecialchars($r0, ENT_QUOTES))) {
			$r0d = "iptables -t nat -D PREROUTING ! --destination $proxy -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:3128";
			exec("sudo $r0d");
			tagdel(htmlspecialchars($r0, ENT_QUOTES));
		}


		$m0 = "iptables -t nat -A PREROUTING -d $proxy -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:1000";
		if (existrule(htmlspecialchars($m0, ENT_QUOTES))) {
			$m0d = "iptables -t nat -D PREROUTING -d $proxy -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:1000";
			exec("sudo $m0d");
			tagdel(htmlspecialchars($m0, ENT_QUOTES));
		}


		//  worked
		$r1 = "iptables -t nat -A POSTROUTING -s $ip -p tcp -m multiport --dports $nport -o eth1 -j MASQUERADE";
		if (existrule(htmlspecialchars($r1, ENT_QUOTES))) {
			$r1d = "iptables -t nat -D POSTROUTING -s $ip -p tcp -m multiport --dports $nport -o eth1 -j MASQUERADE";
			exec("sudo $r1d");
			tagdel(htmlspecialchars($r1, ENT_QUOTES));
		}
		$r2 = "iptables -t nat -A PREROUTING -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:1000";
		if (!existrule(htmlspecialchars($r2, ENT_QUOTES))) {
			exec("sudo $r2");
			tagadd($ip,htmlspecialchars($r2, ENT_QUOTES));
		}


		// ----------------- add tional ---
		$r5 = "iptables -A PREROUTING -s $ip -t mangle -p udp -j MARK --set-mark 2";
		if (existrule(htmlspecialchars($r5, ENT_QUOTES))) {
			$r5d = "iptables -D PREROUTING -s $ip -t mangle -p udp -j MARK --set-mark 2";
			exec("sudo $r5d");
			tagdel(htmlspecialchars($r5, ENT_QUOTES));
		}
		$r6 = "iptables -t nat -A POSTROUTING -s $ip -p udp -o eth0 -j MASQUERADE";
		if (existrule(htmlspecialchars($r6, ENT_QUOTES))) {
			$r6d = "iptables -t nat -D POSTROUTING -s $ip -p udp -o eth0 -j MASQUERADE";
			exec("sudo $r6d");
			tagdel(htmlspecialchars($r6, ENT_QUOTES));
		}
		// 
		$r7 = "iptables -A PREROUTING -s $ip -t mangle -p tcp --dport 2000:4900 -j MARK --set-mark 2";
		if (existrule(htmlspecialchars($r7, ENT_QUOTES))) {
			$r7d = "iptables -D PREROUTING -s $ip -t mangle -p tcp --dport 2000:4900 -j MARK --set-mark 2";
			exec("sudo $r7d");
			tagdel(htmlspecialchars($r7, ENT_QUOTES));
		}
		$r8 = "iptables -t nat -A POSTROUTING -s $ip -p tcp --dport 2000:4900 -o eth0 -j MASQUERADE";
		if (existrule(htmlspecialchars($r8, ENT_QUOTES))) {
			$r8d = "iptables -t nat -D POSTROUTING -s $ip -p tcp --dport 2000:4900 -o eth0 -j MASQUERADE";
			exec("sudo $r8d");
			tagdel(htmlspecialchars($r8, ENT_QUOTES));
		}
		// 
		$r9 = "iptables -A PREROUTING -s $ip -t mangle -p tcp --dport 5300:13000 -j MARK --set-mark 2";
		if (existrule(htmlspecialchars($r9, ENT_QUOTES))) {
			$r9d = "iptables -D PREROUTING -s $ip -t mangle -p tcp --dport 5300:13000 -j MARK --set-mark 2";
			exec("sudo $r9d");
			tagdel(htmlspecialchars($r9, ENT_QUOTES));
		}
		$r10 = "iptables -t nat -A POSTROUTING -s $ip -p tcp --dport 5300:13000 -o eth0 -j MASQUERADE";
		if (existrule(htmlspecialchars($r10, ENT_QUOTES))) {
			$r10d = "iptables -t nat -D POSTROUTING -s $ip -p tcp --dport 5300:13000 -o eth0 -j MASQUERADE";
			exec("sudo $r10d");
			tagdel(htmlspecialchars($r10, ENT_QUOTES));
		}
		// 
		$r11 = "iptables -A PREROUTING -s $ip -t mangle -p tcp --dport 23000:29000 -j MARK --set-mark 2";
		if (existrule(htmlspecialchars($r11, ENT_QUOTES))) {
			$r11d = "iptables -D PREROUTING -s $ip -t mangle -p tcp --dport 23000:29000 -j MARK --set-mark 2";
			exec("sudo $r11d");
			tagdel(htmlspecialchars($r11, ENT_QUOTES));
		}
		$r12 = "iptables -t nat -A POSTROUTING -s $ip -p tcp --dport 23000:29000 -o eth0 -j MASQUERADE";
		if (existrule(htmlspecialchars($r12, ENT_QUOTES))) {
			$r12d = "iptables -t nat -D POSTROUTING -s $ip -p tcp --dport 23000:29000 -o eth0 -j MASQUERADE";
			exec("sudo $r12d");
			tagdel(htmlspecialchars($r12, ENT_QUOTES));
		}
		// 
		$r13 = "iptables -A PREROUTING -s $ip -t mangle -p tcp --dport 14000:16000 -j MARK --set-mark 2";
		if (existrule(htmlspecialchars($r13, ENT_QUOTES))) {
			$r13d = "iptables -D PREROUTING -s $ip -t mangle -p tcp --dport 14000:16000 -j MARK --set-mark 2";
			exec("sudo $r13d");
			tagdel(htmlspecialchars($r13, ENT_QUOTES));
		}
		$r14 = "iptables -t nat -A POSTROUTING -s $ip -p tcp --dport 14000:16000 -o eth0 -j MASQUERADE";
		if (existrule(htmlspecialchars($r14, ENT_QUOTES))) {
			$r14d = "iptables -t nat -D POSTROUTING -s $ip -p tcp --dport 14000:16000 -o eth0 -j MASQUERADE";
			exec("sudo $r14d");
			tagdel(htmlspecialchars($r14, ENT_QUOTES));
		}

		exec("sudo rmtrack $ip");

	}

	
	// exec("sudo rmtrack $ip");

	// exec("sudo rmtrack443 $ip");
	// $nar = explode($nport,",");
	// foreach ($nar as $key => $value) {
	// 	exec("sudo rmtrack $ip $value");
	// }
	



// 	
// iptables -t nat -D POSTROUTING -s 192.168.10.5 -p tcp -m multiport --dports 22,25,43,110,443,465,993,7822,5222,1863,2779 -o eth1 -j MASQUERADE
// iptables -t nat -A PREROUTING -s 192.168.10.5 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.254:80
// rmtrack 192.168.10.5


	// exec("sudo iptables -D PREROUTING -s $ip -t mangle -p tcp -m multiport --dports $nport -j MARK --set-mark 1");
	// exec("sudo iptables -t nat -D POSTROUTING -s $ip -o eth1 -j MASQUERADE");

	// lowspeed line
	// exec("sudo iptables -D PREROUTING -s $ip -t mangle -p tcp --dport $sport -j MARK --set-mark 2")
	// exec("sudo iptables -t nat -D POSTROUTING -s $ip -o eth0 -j MASQUERADE");

	// back to authen

	// clear current
	
	
// 	conntrack -L | grep 192.168.10.5 | grep ESTAB | grep 'dport=80' \
// awk "{ system(\"conntrack -D --orig-src $1 --orig-dst \" substr(\$6,5) \" -p tcp --orig-port-src \" substr(\$7,7) \" --orig-port-dst 80\"); }"
	
	

?>